Re: OpenSSL version from mod_ssl statically compiled into httpd?

Hi guys,

Is there a definitive way of finding out the version of OpenSSL used by httpd, with mod_ssl statically compiled into it?

Thanks!

> [EMAIL PROTECTED]
> Sent by: owner-modssl-users@modssl.org
> 07/06/2007 13:59
> Please respond to modssl-users
>
> To: modssl-users@modssl.org
> cc: modssl-users@modssl.org, [EMAIL PROTECTED]
> Subject: Re: OpenSSL version from mod_ssl statically compiled into httpd?
>
> Thanks for the reply Zareh, but still no joy :-(
>
> We DO have old libraries on the box, but when compiling apache (after setting SSL_BASE), the output does show:
>
>     .
>     .
>     + SSL library version: OpenSSL 0.9.8e 23 Feb 2007
>     .
>     .
>
> Running a strings on httpd shows:
>
>     OpenSSL 0.9.7b 10 Apr 2003
>     SSLv2 part of OpenSSL 0.9.8e 23 Feb 2007
>     TLSv1 part of OpenSSL 0.9.8e 23 Feb 2007
>     OpenSSL 0.9.8e 23 Feb 2007
>     SSLv3 part of OpenSSL 0.9.8e 23 Feb 2007
>     Big Number part of OpenSSL 0.9.8e 23 Feb 2007
>     RSA part of OpenSSL 0.9.8e 23 Feb 2007
>     Diffie-Hellman part of OpenSSL 0.9.8e 23 Feb 2007
>     Stack part of OpenSSL 0.9.8e 23 Feb 2007
>     lhash part of OpenSSL 0.9.8e 23 Feb 2007
>     EVP part of OpenSSL 0.9.8e 23 Feb 2007
>     ASN.1 part of OpenSSL 0.9.8e 23 Feb 2007
>     X.509 part of OpenSSL 0.9.8e 23 Feb 2007
>     MD2 part of OpenSSL 0.9.8e 23 Feb 2007
>     MD5 part of OpenSSL 0.9.8e 23 Feb 2007
>     SHA1 part of OpenSSL 0.9.8e 23 Feb 2007
>     SHA-256 part of OpenSSL 0.9.8e 23 Feb 2007
>     SHA-512 part of OpenSSL 0.9.8e 23 Feb 2007
>     DES part of OpenSSL 0.9.8e 23 Feb 2007
>     libdes part of OpenSSL 0.9.8e 23 Feb 2007
>     RC2 part of OpenSSL 0.9.8e 23 Feb 2007
>     RC4 part of OpenSSL 0.9.8e 23 Feb 2007
>     IDEA part of OpenSSL 0.9.8e 23 Feb 2007
>     DSA part of OpenSSL 0.9.8e 23 Feb 2007
>     ECDSA part of OpenSSL 0.9.8e 23 Feb 2007
>     ECDH part of OpenSSL 0.9.8e 23 Feb 2007
>     RAND part of OpenSSL 0.9.8e 23 Feb 2007
>     PEM part of OpenSSL 0.9.8e 23 Feb 2007
>     CONF part of OpenSSL 0.9.8e 23 Feb 2007
>     CONF_def part of OpenSSL 0.9.8e 23 Feb 2007
>
> As you can see from the top line, 0.9.7b is coming in from [EMAIL PROTECTED]
>
> Question, is the output of this LogFormat line an accurate reflection of what version of openssl was compiled into httpd?:
>
>     CustomLog /tmp/ssl.log "%{SSL_VERSION_LIBRARY}x %{SSL_VERSION_INTERFACE}x"
>
> I'll try and move those libs out of the way, and re-compile
>
> > Zareh <[EMAIL PROTECTED]>
> > Sent by: owner-modssl-users@modssl.org
> > 06/06/2007 06:10
> > Please respond to modssl-users
> >
> > To: modssl-users@modssl.org
> > cc:
> > Subject: Re: OpenSSL version from mod_ssl statically compiled into httpd?
> >
> > Hi Vishal,
> >
> > I seem to remember running into this a while back, it turned out that I had old ssl libs in /usr/local/ssl and apache's build scripts were picking them up instead of /usr/local/openssl - I can't remember what I did to get them to compile with the newer openssl libs, but here are a few things you could try:
> >
> > 1) Set the following in your environment before you build apache/mod_ssl
> >
> >     SSL_BASE=/usr/local/openssl   # wherever the libs are you want to compile against
> >     export SSL_BASE
> >
> > 2) Find the libs ( find /usr/* -type f -name '*ssl*' ), tar them up and move them int
Re: OpenSSL version from mod_ssl statically compiled into httpd?

Thanks for the reply Zareh, but still no joy :-(

We DO have old libraries on the box, but when compiling apache (after setting SSL_BASE), the output does show:

    .
    .
    + SSL library version: OpenSSL 0.9.8e 23 Feb 2007
    .
    .

Running a strings on httpd shows:

    OpenSSL 0.9.7b 10 Apr 2003
    SSLv2 part of OpenSSL 0.9.8e 23 Feb 2007
    TLSv1 part of OpenSSL 0.9.8e 23 Feb 2007
    OpenSSL 0.9.8e 23 Feb 2007
    SSLv3 part of OpenSSL 0.9.8e 23 Feb 2007
    Big Number part of OpenSSL 0.9.8e 23 Feb 2007
    RSA part of OpenSSL 0.9.8e 23 Feb 2007
    Diffie-Hellman part of OpenSSL 0.9.8e 23 Feb 2007
    Stack part of OpenSSL 0.9.8e 23 Feb 2007
    lhash part of OpenSSL 0.9.8e 23 Feb 2007
    EVP part of OpenSSL 0.9.8e 23 Feb 2007
    ASN.1 part of OpenSSL 0.9.8e 23 Feb 2007
    X.509 part of OpenSSL 0.9.8e 23 Feb 2007
    MD2 part of OpenSSL 0.9.8e 23 Feb 2007
    MD5 part of OpenSSL 0.9.8e 23 Feb 2007
    SHA1 part of OpenSSL 0.9.8e 23 Feb 2007
    SHA-256 part of OpenSSL 0.9.8e 23 Feb 2007
    SHA-512 part of OpenSSL 0.9.8e 23 Feb 2007
    DES part of OpenSSL 0.9.8e 23 Feb 2007
    libdes part of OpenSSL 0.9.8e 23 Feb 2007
    RC2 part of OpenSSL 0.9.8e 23 Feb 2007
    RC4 part of OpenSSL 0.9.8e 23 Feb 2007
    IDEA part of OpenSSL 0.9.8e 23 Feb 2007
    DSA part of OpenSSL 0.9.8e 23 Feb 2007
    ECDSA part of OpenSSL 0.9.8e 23 Feb 2007
    ECDH part of OpenSSL 0.9.8e 23 Feb 2007
    RAND part of OpenSSL 0.9.8e 23 Feb 2007
    PEM part of OpenSSL 0.9.8e 23 Feb 2007
    CONF part of OpenSSL 0.9.8e 23 Feb 2007
    CONF_def part of OpenSSL 0.9.8e 23 Feb 2007

As you can see from the top line, 0.9.7b is coming in from [EMAIL PROTECTED]

Question, is the output of this LogFormat line an accurate reflection of what version of openssl was compiled into httpd?:

    CustomLog /tmp/ssl.log "%{SSL_VERSION_LIBRARY}x %{SSL_VERSION_INTERFACE}x"

I'll try and move those libs out of the way, and re-compile

> Zareh <[EMAIL PROTECTED]>
> Sent by: owner-modssl-users@modssl.org
> 06/06/2007 06:10
> Please respond to modssl-users
>
> To: modssl-users@modssl.org
> cc:
> Subject: Re: OpenSSL version from mod_ssl statically compiled into httpd?
>
> Hi Vishal,
>
> I seem to remember running into this a while back, it turned out that I had old ssl libs in /usr/local/ssl and apache's build scripts were picking them up instead of /usr/local/openssl - I can't remember what I did to get them to compile with the newer openssl libs, but here are a few things you could try:
>
> 1) Set the following in your environment before you build apache/mod_ssl
>
>     SSL_BASE=/usr/local/openssl   # wherever the libs are you want to compile against
>     export SSL_BASE
>
> 2) Find the libs ( find /usr/* -type f -name '*ssl*' ), tar them up and move them into another directory. Build apache/mod_ssl - then just untar the old libs back into place.
>
> ... kinda messy though :)
>
> > ----- Original Message -----
> > From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> > To: modssl-users@modssl.org
> > Sent: Monday, June 4, 2007 8:52:34 AM
> > Subject: OpenSSL version from mod_ssl statically compiled into httpd?
> >
> > Question: How do I find out the version of openssl used by my httpd that has mod_ssl statically compiled into it?
> >
> > "HEAD / HTTP/1.0" shows no mod_ssl info, and the only way in which I can get anything is to use the following in the Apache conf:
> >
> >     CustomLog /tmp/ssl.log "%{SSL_VERSION_LIBRARY}x %{SSL_VERSION_INTERFACE}x"
> >
> > Is this accurate, and can it be trusted? I ask because I recompiled apache/mod_ssl using openssl 0.9.8c and the version the above showed in the logs was older: 0.9.7b, which isn't installed on the box...?
> >
> > My LD_LIBRARY path was set to /usr/local/ssl/lib, which contained:
> >
> >     engines/
> >     libcrypto.a
> >     libcrypto.so
> >     libcrypto.so.0.9.8*
> >     libssl.a
> >     libssl.so
> >     libssl.so.0.9.8*
> >     pkgconfig/
> >
> > It's an old setup that I've inherited from people who have all left now :-( The so
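The strings check from the message above, as an added example that is not part of the original thread: a Python script that pulls OpenSSL version banners out of a binary and reports when banners from more than one OpenSSL release are present. The function names and the sample bytes are constructed for illustration; the banner format is the one shown in the strings output above.

```python
import re
import sys
from collections import Counter

# Runs of printable ASCII, i.e. roughly what strings(1) prints for a binary.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")

# Banner shapes taken from the strings output quoted in the thread:
#   "OpenSSL 0.9.7b 10 Apr 2003"  /  "RSA part of OpenSSL 0.9.8e 23 Feb 2007"
BANNER = re.compile(
    r"(?:(\S.*?) part of )?"
    r"OpenSSL (\d+\.\d+\.\d+[a-z]*) (\d{1,2} [A-Z][a-z]{2} \d{4})"
)


def openssl_banners(data: bytes):
    """Return (component, version, build date) for each banner string found."""
    found = []
    for run in PRINTABLE_RUN.findall(data):
        m = BANNER.search(run.decode("ascii"))  # first banner in each string
        if m:
            found.append((m.group(1) or "(library banner)", m.group(2), m.group(3)))
    return found


def summarize(data: bytes):
    """Count banners per version and list those that disagree with the majority."""
    banners = openssl_banners(data)
    versions = Counter(version for _, version, _ in banners)
    majority = versions.most_common(1)[0][0] if versions else None
    outliers = [(comp, ver) for comp, ver, _ in banners if ver != majority]
    return {"versions": dict(versions), "mixed": len(versions) > 1, "outliers": outliers}


# Constructed sample: a few banners from the thread, NUL-separated as in a binary.
SAMPLE = b"\x7fELF\x00" + b"\x00".join([
    b"OpenSSL 0.9.7b 10 Apr 2003",
    b"SSLv2 part of OpenSSL 0.9.8e 23 Feb 2007",
    b"OpenSSL 0.9.8e 23 Feb 2007",
    b"Big Number part of OpenSSL 0.9.8e 23 Feb 2007",
    b"RSA part of OpenSSL 0.9.8e 23 Feb 2007",
]) + b"\x00\x01\x02"

if __name__ == "__main__":
    # Pass a path (for example the httpd binary) to scan it; otherwise use SAMPLE.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    report = summarize(data)
    for version, count in sorted(report["versions"].items()):
        print(f"{count:4d} banner(s) for OpenSSL {version}")
    if report["mixed"]:
        print("mixed OpenSSL versions in this binary:", report["outliers"])
```

A non-empty outlier list on a static build means an older OpenSSL copy was picked up somewhere during the build, which is the situation the thread is chasing.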
Re: OpenSSL version from mod_ssl statically compiled into httpd?

Hi Vishal,

I seem to remember running into this a while back, it turned out that I had old ssl libs in /usr/local/ssl and apache's build scripts were picking them up instead of /usr/local/openssl - I can't remember what I did to get them to compile with the newer openssl libs, but here are a few things you could try:

1) Set the following in your environment before you build apache/mod_ssl

    SSL_BASE=/usr/local/openssl   # wherever the libs are you want to compile against
    export SSL_BASE

2) Find the libs ( find /usr/* -type f -name '*ssl*' ), tar them up and move them into another directory. Build apache/mod_ssl - then just untar the old libs back into place.

... kinda messy though :)

> ----- Original Message -----
> From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> To: modssl-users@modssl.org
> Sent: Monday, June 4, 2007 8:52:34 AM
> Subject: OpenSSL version from mod_ssl statically compiled into httpd?
>
> Question: How do I find out the version of openssl used by my httpd that has mod_ssl statically compiled into it?
>
> "HEAD / HTTP/1.0" shows no mod_ssl info, and the only way in which I can get anything is to use the following in the Apache conf:
>
>     CustomLog /tmp/ssl.log "%{SSL_VERSION_LIBRARY}x %{SSL_VERSION_INTERFACE}x"
>
> Is this accurate, and can it be trusted? I ask because I recompiled apache/mod_ssl using openssl 0.9.8c and the version the above showed in the logs was older: 0.9.7b, which isn't installed on the box...?
>
> My LD_LIBRARY path was set to /usr/local/ssl/lib, which contained:
>
>     engines/
>     libcrypto.a
>     libcrypto.so
>     libcrypto.so.0.9.8*
>     libssl.a
>     libssl.so
>     libssl.so.0.9.8*
>     pkgconfig/
>
> It's an old setup that I've inherited from people who have all left now :-( The source files and the way in which this was compiled have gone.
>
> To be honest, I'm a bit confused as to the whole ssl setup with regards to solaris <--> apache <--> mod_ssl. I downloaded and compiled openssl 0.9.8e from source and compiled mod_ssl with
>
>     ./configure --with-apache=../apache_1.3.37 --with-ssl=../openssl-0.9.8e
>
> But when apache built, it said that it was using 0.9.8c, the one installed as a pkg on the solaris box. Why would it do that?
>
> Anyway, the custom log shows the correct mod_ssl version, but an old openssl version.
>
> Any help is much appreciated, thanks in advance guys.
>
> Regards,
> Vish.
>
> **
> This email may contain confidential material. If you were not an intended recipient, please notify the sender and delete all copies. We may monitor email to and from our network. For more details see www.FT.com.
>
> The Financial Times Limited, registered in England and Wales number 227590. Registered office: Number One Southwark Bridge, London SE1 9HL. VAT number GB 278 5371 21.
> F.T. Publications Inc, incorporated in New York, number 13-2545828, Registered office: 1330 Avenue of the Americas, New York NY 10019, USA.
> The Financial Times (HK) Limited, registered in Hong Kong number 108204, Registered office: Suite 2903-2909, level 29, 2 International Finance Centre, No.8 Finance Street, Central, Hong Kong.
> __
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager [EMAIL PROTECTED]
OpenSSL version from mod_ssl statically compiled into httpd?

Question: How do I find out the version of openssl used by my httpd that has mod_ssl statically compiled into it?

"HEAD / HTTP/1.0" shows no mod_ssl info, and the only way in which I can get anything is to use the following in the Apache conf:

    CustomLog /tmp/ssl.log "%{SSL_VERSION_LIBRARY}x %{SSL_VERSION_INTERFACE}x"

Is this accurate, and can it be trusted? I ask because I recompiled apache/mod_ssl using openssl 0.9.8c and the version the above showed in the logs was older: 0.9.7b, which isn't installed on the box...?

My LD_LIBRARY path was set to /usr/local/ssl/lib, which contained:

    engines/
    libcrypto.a
    libcrypto.so
    libcrypto.so.0.9.8*
    libssl.a
    libssl.so
    libssl.so.0.9.8*
    pkgconfig/

It's an old setup that I've inherited from people who have all left now :-( The source files and the way in which this was compiled have gone.

To be honest, I'm a bit confused as to the whole ssl setup with regards to solaris <--> apache <--> mod_ssl. I downloaded and compiled openssl 0.9.8e from source and compiled mod_ssl with

    ./configure --with-apache=../apache_1.3.37 --with-ssl=../openssl-0.9.8e

But when apache built, it said that it was using 0.9.8c, the one installed as a pkg on the solaris box. Why would it do that?

Anyway, the custom log shows the correct mod_ssl version, but an old openssl version.

Any help is much appreciated, thanks in advance guys.

Regards,
Vish.